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(54) Remote authentication system 

(57) To obtain a remote authentication system that 
securely authenticates with protecting biometrics infor- 
mation, which is user's personal information, and is firm 
on security when performing authentication of a person 
with the biometrics information, and a remote authenti- 
cation method. The present invention encrypts biomet- 
rics information that is user's personal information, and 
transfers the biometrics information over a network in 
such a state that only an authentication server, which 
the user assigns, can decode the biometrics informa- 
tion. Therefore, it is possible to securely protect user's 
privacy that is the biometrics information in a style of 
reflecting user's intention, and to prevent reuse of 
invalid authentication information since it is possible to 
confirm the date and time, when the authentication 
information was generated, by the authentication 
server. Furthermore, it is possible to keep the security of 
a system firm since an authenticated side can confirm 
whether the user is authenticated. 
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Description 

BACKGROUND OF THE INVENTION 

1 . Field of the Invention <• 1 

[0001] The present invention relates to a remote 
authentication system identifying a person with biomet- 
rics. * ' - ~ 7 

2. Description of the Related Art - 

[0002] Heretofore, so as to perform security protection 
in an information processing system connected to a net- 
work, it is necessary to identify a person and to judge 
approval or disapproval of access of the person, that is, 
to perform authentication. In addition, in cash dispens- 
ers of banks and the like, authentication for identifying a 
person and accessing the person's transaction informa- 
tion, and authentication for entrance into and exit from 
confidential research sites, membership clubs, and the 
like, which have high confidentiality, are performed. 
[0003] Identification of a. person and authorization of 
the person's qualification, that is, authentication is per- 
formed with a magnetic card, an IC card, which are 
positioned similarly to an identification card and the like, 
and the person's memory such as a password, and 
combination of them. There, are problems that the 
authentication cannot be performed because the pass: 
word is forgotten, and the magnetic card and IC card 
are lost or broken, and another person, who is not the 
pr?ineipak is authenticated* witto^^ 
glary and leakage of password information. 
[0004] In addition, as one of means for authenticating 
a user over a network, there is a digital signature for 
indirectly authenticating the user by authenticating a 
message created by the user. In the digital signature, 
first, a message sender attaches a cryptogram that is 
encrypted from a message digest, into which an original 
message is compressed, with the sender's crypto- 
graphic key to the message. A message receiver con- 
firms that the message is one, which the. sender; 
himself/herself sent, and that the message is not tam- 
pered, by creating a message digest from the message 
received, decoding the message digest from the crypto- . 
gram, which is attached, with the sender's decoding key, 
and confirming coincidence of these two message 
digests. 

[0005] In addition, in the above-described encryption 
method, there are a common, key encryption method, 
using the sane key for a cryptographic key and a decod- 
ing key, and a public key encryption method using differ- 
ent keys for the cryptographic key and decoding key. In 
the public key encryption method, when one key is set 
as a secret key and is kept safely and another key is offi- 
cially announced as a public key, the cryptogram 
encrypted with the public key cannot be decoded anto 
the original message if a receiver has not the secret key; 



and hence the sender can transfer the message in such 
. a form that, only the receiver, who is desired by the 
. sender, can decode, and the cryptogram encrypted with 
. the secret key can be decoded with the public key into 

5 the original message, and hence the receiver can 
authenticates that the message is one from the sender 
herself/himself having the secret key. . v 
[0006] -Heretofore, although; in RFC1421 and 
RFC1422 (PEM; Privacy Enhancement for Internet 

•io Electronic Mail) that are registered in RFC {Request For 
Comment) of IETF (Internet Engineering Task Force), 
the digital signature and message encryption are per- 
formed with the public key encryption method and com- 
mon key encryption method, there is a problem that it is 

75 necessary to administrate the secret key bh the 
sender's hands since the sender uses the own secret 
key, for example, to safely keep the secret key with sav- 
ing the secret key in a floppy disk/a magnetic card, and 
an IC card: ' ■ * ?r ; 

20 [0007] On the other hand, in the authentication with 
biometrics information, which is a person's biological 
characteristic such as finger print information, palm 

. . print information, handwriting information, and retina 
■ information, it is difficult to perform masquerade and is 

25. . unnecessary to administrate the information of the 
secret key so long as the user himself/herself presents, 
and it is possible to resolve the complexness of keeping 
a baggage and the threat of loss at the time of the 
authentication of a person and the complexness of 

30 - memory at the time of the authentication of a password 
with the magnetic card and IC card. Nevertheless, there 

rics information is necessary in a wide range, the equip- 
ment for performing the centralized administration and 
35 authentication of the biometrics information is neces- 
sary, and that it is necessary to keep security with con- 
cealing the user's biometrics information at the time of 
^ transferring the biometrics information to the equip- 
, ment. performing the authentication, from the viewpoint 
40; ol protection of privacy. 

[0008] Furthermore, in general, random numbers are 
for creating a cryptographic key in a system creating the 
cryptographic key used for concealing the biometrics 
information . Nevertheless, there is also a problem that 
45 ? it is important to eliminate the tendency of the random* 
. numbers so as to make it difficult to break the crypto- 
graphic key. o . r 
[0009] In addition, an apparatus acquiring biometrics 
v. should be properly administrated from the viewpoint of 
50; protection of users' privacy,- and it is necessary to 
. authenticate an administrator. Nevertheless, there is a 
- - problem that, since another person cannot act for the 
administrator -if the authentication of this administrator^ 
was performed with biometrics, another person can 
55 never perform the access to the biometrics acquisition 
apparatus including initialization Furthermore, there is 
a problem that even a valid administrator can never per- 
form the access to the biometrics acquisition apparatus 
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including initialization,- if the -biometrics used for/ the 
authentication is, largely, changed or lost-toy suffering 
damage hi an accident in.case.of the validadtninistrator. 
[001 0] Moreover, in general; a system performing^user 
authentication is required to early find an invalid autheh- 5 
tication, for example, as for a cash card irva bank, there 
is means for making a cash card unusable rf authentica- 
tion with a preset number of times of; password inputs is : 
unsuccessful.- Also, a user authentication system with - 
the biometrics is f required:to early find arwnvalid auth&v ; 10 
tication. Nevertheless, a condition of biometrics is differ- 
ent every person, . , for example, in -a * system 
authenticating a person with finger print matching; a v 
minimum matching rate identifying a person as the prin- : 
cipal is deter mined,, but ^person whose finger is rough *5 
or worn gets a low matching rate even if the person can . 
obtain the best biometrics information at that time; and 
a failure probability of the authentication: itself increase 
if the matching rate decreases due to a minor failure 
such as insufficient contact at the time of acquiring the a?. 1 
finger print. Therefore, there is a problem that it cannot ■ 
be equally performed for all the persons that it is judged 
to be an unsuccessf ul authentication within orrty the pre- - 
set number of times. 



r-. - ; -.. 25'. 

SUMMARY OF THE INVENTION 

[0011] The present invention is to solve above ,prob- : ; 
lems, and an object of the present invention is to provide : 
a remote authentication system which securely authenr 30 
ticates with protecting biometrics information," which; is 
user's personal information,; and is; firm on security , 
when performing authentication, of a person with the 
biometrics information, and a remote authentication . 
method. . ■ -••»■• • -v : r-. -i'.r- 35-., 

[0012] In a remote authentication systerajn which an 
authentication server, an application server;- arid a user r 
terminal are connected to a network respectively? and 
which authenticates abuser using the user terminal; a i 
remote authentication system according to a first invent ao 
tion is a system, wherein the authentication ^server has ;.. 
a pair of a public, key and a secret key in^ a public:key v: 
encryption method, announces the public key, and conn:;; * 
ceals the secret key ; wherein at least one kind or.aplu-*\; 
ral kind of biometrics acquisition apparatus is connected ^4S 
to the user terminal; wherein the biometrics acquisitions 
apparatus: encrypts user's biometrics information, &i 
acquired at t^%time of authentication; with a tx>rhmom : \ * 
key in a common key encryption method /acquires, date c 
and time information, , creates a message;;digest^with -&o.\ 
connecting the date and time information-wrth^the cam-: ■ : 
mon key, and further encrypts the message*digestwith . 
the common key; acquires the public key of the authen- 
tication server, which the user assigns*,: and encrypts the 
common key with the public key of the authentication ss 
server; and transfers the biometrics information 
encrypted, the common key and date and time informa- 
tion, which is encrypted, and, the message .digest ^ 



encrypted with connecting the date and time informa- 
tion with the common key, as authentication information 
to the user terminal; and wherein the user terminal and 
application server transfer the authentication informa- 
tion to the authentication server, and the authentication 
; server: decodes user's biometrics information with the 
common key acquired by decoding the authentication 
information; which is transferred, with the secret key; 
' authenticates the user with the biometrics information; 
; and encrypts result of authentication and a message 
, digest of the result of the authentication with the secret 
... key and transfers both to the application server. 
. [0013] In addition, in a remote authentication system, 
in which an authentication server and a user terminal 
are connected to a network respectively, and which 
u authenticates a user using the user terminal, a remote 
r authentication system according to a second invention 
is a system, ^Wherein the : authentication server has a 
pair of a public key and a secret key in a public key 
encryption method; announces the public key, and con- 
ceals the secret key; wherein at least one kind or a plu- 
ral kind of biometrics acquisition apparatus is connected 
; s to the user terminalrwherein the biometrics acquisition 
- apparatus: encrypts user's biometrics information, 
acquired at'the time of authentication, with a common 
key in a common key encryption method; acquires date 
land time information; creates a message digest with 
--connecting the date and time information with the com- 
'inon key, further encrypts the message digest with the 
common key; acquires thepubiic key of the authentica- 
tion server/ "which the user assighs, arid encrypts the 
^common key with the public key of the authentication 
server; and transfers the biometrics information 
encrypted, the ebrnrribn k£y and date and time informa- 
tion, which' is' encrypted, and the message digest 
i encrypted with connecting the date and time irtforma- 
: :tfon with the common key/as authentication information 
tarthe user terminal; wherein the user terminal transfers 
the authentication information to the authiantication 
server; and wherein thfe authentication server: decodes 
user's biometrics information with the common key 
acquired by decoding the ' authentication information, 
.which is transferred,- with the secret key; authenticates 
the user with the biometrics information; and encrypts 
result of authentication land a message digest of the 
■ result of the ; authentication and transfers both to the 
user terminals * r :n ' : -' : - 
[0014] In addition, a remote authentication system is 
a system, Wherein" a biometrics acquisition apparatus: 
transfers biometrics information to a user terminal with- 
out encrypting the bibmetrics information at the time of 
authentication; encrypts the user's biometrics informa- 
tion, which the user terminal obtains, with a common 
key in a common key encryption method; acquires date 
and time information, creates a message digest with 
connecting the" date and time information with the com- 
mon key, encrypts the message digest with the common 
key; acquires a public key of an authentication server. 
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which the user assigns; encrypts the common key with 
the public key of the authentication server; and transfers 
the biometrics information encrypted, the common key 
and date and time information, which is encrypted, and 
the message digest encrypted with connecting the date 
and time information with the common key, as authenti- 
cation information. 

[0015] Furthermore, a remote authentication system 
according to a fourth invention uses biometrics informa- 
tion as a part or all of random numbers for creating a 
common key in a common key encryption method for 
encrypting the user's biometrics information acquired, 
at the time of authentication. 

[001 6] A remote authentication system according to a 
fifth invention is a system, wherein a biometrics acquisi- 
tion apparatus includes; an authentication unit of an 
administrator administrating the biometrics acquisition 
apparatus; and an authentication unit of an initializer ini- 
tializing the biometrics acquisition apparatus, wherein 
the two authentication units perform authentication sep- 
arately, and can perform only the initialization with 
authentication of the initializer. 

[0017] A remote authentication system according to a 
sixth invention is a system, wherein an authentication 
server: saves historic records of matching rates that are 
results of matching biometrics at the time of user 
authentication; compares a matching rate with an aver- 
age matching rate at the time of identifying a user as a 
principal until the previous occasion if the authentication 
server does not identify the user as the principal at the 
time of user authentication; confirms whether the 
rmat<^h^ 

preset value determined by an administrator; and 
informs a contact, who is registered beforehand, if a 
number of failed times due to changes more largely 
than the fixed value reaches a fixed value determined by 
the administrator. 

[0018] A remote authentication system according to a 
seventh invention is a system, wherein an authentica- 
tion server: saves historic records of matching rates that 
are results of matching biometrics at the time of user 
authentication; compares a matching rate with a match- 
ing rate at the time of identifying a user as a principal 
until the previous occasion at the time of user authenti- 
cation if the authentication server identifies the user as 
the principal; makes the user authentication unsuccess- 
ful if the two matching rates are the same rates and a 
message digest of biometrics information is not. saved, 
performs message digest calculation of biometrics infor- 
mation at this time, saves the message digest of biomet- 
rics information with the matching rate; saves a 
message digest of biometrics information at this time 
with a matching rate as a pair with calculating the mes- 
sage digest of biometrics information at this time if the 
two matching rates are the same and a message digest 
is saved, compares the message digest of biometrics 
information at this time with the message digest of bio- 
metrics information at the same matching rate in the 



past, identifies the user as a principal if both message 
- digests are different from each other; does not identify 
the user as a principal if a pair of a matching rate and a 
. message digest at this time completely coincides with a 

s t pair of a matching rate and a message digest in the 
past; and informs a contact, who is registered* before- 
hand, if a number of cases that the pair of the matching 
rate and : message. digest at this time completely coin- 
cides with the pair of the matching rate and message 

10 digest in the past reaches a value equal to or larger than 
a fixed value which is determined by an administrator. 

BRIEF DESCRIPTION OF THE DRAWINGS 
is [0019] 



Fig. 1 is a block diagram showing the conf iguration 
. v of a first embodiment of an Web system where a" 
remote authentication system according to the 
present invention is applied; 
Fig. 2 is a timing chart for explaining the processing 
of authentication in the Web system in Fig. 1 ;- 
Fig. 3 is a block diagram showing the configuration 
of a second embodiment of a database retrieval 
system where a remote authentication system 
according to the present invention is applied; 
Fig. 4 is a timing chart for explaining the processing 
of authentication in the database retrieval system in 
Fig. 3; 

Fig. 5 is a block diagram showing the configuration 

of a third embodiment of an Web system where a 
> . remote, ^au^mticatiff ^ the 

present invention is applied; 

Fig. 6 is a timing chart for explaining the processing 

of authentication in the Web system in Fig. 5; 

Fig. 7 is a block diagram showing the configuration 
. : of a fourth embodiment at the time of adrhinistration 
■r-' of a finger print acquisition apparatus where a 

remote authentication system* according to -the 

present invention is applied; 
- Fig. 8 is a t>lock diagram showing the configuration 

of a fifth- embodiment of an authentication server 

where a remote authentication system according to 
' the present invention is applied. - 

DESCRIPTION 1 OF THE PREFERRED EMBIDIMENTS 

[0020] Hereinafter, embodiments of the present inven- 
tion will be described with reference to drawings. 
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[0021 ] Fig. 1 shows the configuration of a Web system 
1 where the present invention is applied. Over a network 
55 2, an authentication server 3. an Web server 4 that is an 
application server, and a user terminal 5 are connected, 
and a biometrics acquisition apparatus 6 is connected 
to. the user terminal 5. In this Web system 1, if a user 
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accesses the Web server 4 through the user terminal 5, 
the Web server 4 receives user's personal authentica- ; 
tion from theautherrtication server 3, and acOTrding^to : 
the result, the, Web server 4 ; performs access jcontrof to 
the user. v -w.. ) .-\- r *■ - ■■.„ 
[0022] The authentication server 3 is a Computer sys- 
tern (hereinafter/ this is shown' as a system having a 
CPU. memory, a disk,, communication control,- and the- 
like) such as a personal -computer and: a workstation 
that are composed of an authentication controller 3A,^an 
encryption processing unit 3C; and an authentication ^ 
information database 3B, and announces one key in a 
public key method as a public key and conceals another 
key as a secret key. 

[0023] In addition, the Web server 4 is a computer 
system such as a personal computer and a workstation 
where a -Web server database 4A, an encryption 
processing unit 4D, an authentication request-unit 4B, 
and an application of a Web server software 4G '(herein- 
after, software is written as S/W) that is an application 
requiring personal authentication operate. . 
[0024] In addition, the user terminal 5 is a computer 
system such as a personal computer and a workstation 
where a browser 5A displaying information of the Web 
server terminal 4, and authentication information acqui- 
sition S/W 5B operate. Furthermore, a biometrics acqui- 
sition apparatus 6 is connected to the user terminal 5. 
The biometrics acquisition apparatus 6 represents a firK. 
ger print acquisition apparatus 7 and a palm print acquK 
sition apparatus 8 that acquire finger print of a human 
body and palm print information with image processing 
as biometrics information, a character recognition tablet^ 
9 acquiring handwriting information, which.: a user, 
draws, as biometrics information, a. retina; acquisition 
apparatus 10 acquiring retina information of a human 
body as the biometrics information with eyeground (fun- 
dus) scanning and the like, and the like. ; : : - : ^ y 
[0025] Here,, a case that the finger print; acquisition h 
apparatus 7 is used as the biometrics acquisition appa-x 
ratus 6 will be described as an example. In addition, the . 
biometrics information acquired by the biometrics acqui- . 
sition apparatus 6 such as the finger print: acquisition 
apparatus 7 can be image data, image data, that is not. : 
processed such as electrostatic data, and characteristic o 
point data obtained by extracting characteristics from 
image data. The finger print, acquisition apparatus 7 & 
composed of a finger print information acquisition unit 
7A acquiring., finger print information with, ;*image; i 
processing and the like and transferring the fingerprint • :■ 
information to the user terminal, an encryption process- 
ing unit 7B encrypting the finger print information, and a 
public key acquisition unit 7C acquiring a public key of 
the authentication server 3. : - - v — . ; . 
[0026] Next, operation will be described. . ;.v- ? . : • 
[0027] A flow of authentication processing in the Web ; 
system 1 like this is shown in Fig. 2. 
[0028] First, a case (SP5) that a user accesses infor- 
mation in the Web server database 4A, which has high 
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confidentiality, in the Web server 4 with the browser 5A 
that is an application operating in the user terminal 5 will 
be described/: The : Web server S/W 4C, which is an 
. application performing access control -of the information 
.having high; confidentiality, is required to perform the 
. user authentication so as to judge whether the user has 
an access authority. 

[0029] The authentication, information acquisition S/W 
■ 4C in the user terminal 5 acquires the finger print infor- 
mation, which is biometrics information necessary for 
the authentication;; from the finger print acquisition 
apparatus 7 (SP6). At this time, the S/W 4C may oper- 
ate with cooperating with other S/W (software such as a 
driver acquiring the authentication information). 
[0030] The finger print information acquisition unit 7A 
in the finger print acquisition apparatus 7, which is 
instructed to acquire the finger print information by the 
authentication information acquisition* S/W 5B in the 
user terminal 5,. acquires the finger print information 
from the user (SP.1). Although the encryption process- 
ing unit 7B encrypts this finger print information since 
this finger print information is user's inherent personal 
information, first, the encryption processing unit 7B cre- 
ates a common key in the common key method for 
encrypting this finger print information, and encrypts the 
finger print information with this common key. At the 
same time, the encryption processing unit 7B acquires 
date and time information, creates a message digest 
with connecting the date and time information with the 
common key, and further encrypts the message digest 
with the common key (SP2); ' - : 
[0031] The public key acquisition unit 7C in the finger 
print acquisition apparatus 7 acquires a public key of the 
authentication server from user's instruction such as a 
floppy; disk; a;magnetic card, an IC card," or key entry. 
Alternatively, if thef inger print acquisition apparatus 7 is 
properly administrated, the public key of the authentica- 
tion server 3 isfixedly-saved in the public key acquisition 
unit 7C in the finger print acquisition apparatus 7, and 
hence the user may use the public key after recognizing 
the public key. Next; the encryption processing unit 7B 
encrypts the. common key with the public key of the 
authentication server 3 (SP3). \ 
[0032] Then; the finger print acquisition unit 7A trans- 
fers the finger print information encrypted, the date and 
-time information/^he. message digest with connecting 
the date and time information with the common key that 
v&" encrypted? and the encrypted common key as the 
authentication information to the authentication informa- 
tion acquisition S/W 5B:i.n the user terminal 5 (SP4). 
.[0033] The authentication information acquisition S/W 
5B in the user terminal 5 transfers the authentication 
"information, which is acquired, 1 to the Web server 4 - 
through the browser 5A. At this time, the browser SA 
transfers the authentication information with adding a 
user ID such as a user name and a mail address, which 
the browser 5A acquires separately (SP7). 
{0034] The authentication request unit 4B in the Web 
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server 4 transfers the authentication information, which 
the authentication request unit 4B acquires through the 
Web server S/W 4C ( to the authentication controller 3A 
in the authentication server 3 (SP9). 
[0035] The authentication controller 3A in the authen- s 
tication server 3 makes the encryption processing unit 
3C decode the authentication information transferred, 
and performs the user authentication. At this time, the 
encryption processing unit 3C compares the message 
digest created from the date and time information and 10 
common key, which are transferred, in the authentica- 
tion server 3 with the message digest decoded from the 
message digest created with connecting the date and 
time information, which is encrypted, with the common 
key and confirms the validity of the date and time, when is 
the authentication information was created, in consider- 
ation of transfer delay (SP12). 

[0036] The authentication controller 3A performs fin- 
ger print matching from the finger print information and 
user ID, which are included in the authentication infor- 20 
mation transferred, and personal information originally 
saved in the authentication information database 3B in 
the authentication server 3. The authentication control- 
ler 3A creates the result of the authentication showing 
that the user is valid if the authentication controller 3A 25 
identifies the user as the principal in consequence of 
matching, or judges that the user is not the principal rf 
the authentication controller 3A cannot identify the user 
as the principal in consequence of the matching, and , 
creates the result of the authentication. This result of the -30 
authentication is delivered to the encryption processing 
unit 3C, OTAJJrja tr^ ; 
a message digest of the result of the authentication, 
encrypts the message digest with the secret key of the 
authentication server 3, that is, performs digital signa-. 05. 
ture, and delivers this message digest, which Is 
encrypted, to the authentication controller 3A. The 
authentication controller 3A informs the authentication 
request unit 4B in the Web server 4 of the result of the : 
authentication with including the message digest, which 40 
is encrypted, in the result of the authentication (SP13). 
[0037] The authentication request unit 4B in the Web^ - 
server 4 that receiving the result of the authentication 
informs the encryption processing unit 4D of the result 
of the authentication. The encryption processing unit 4D 45 
decodes the informed message digest, which \sr 
encrypted, with the public key of the authentication - 
server 3, and confirms that the message digest is surely 
the valid message from the authentication server 3. by 
comparing the decoded message digest with the mes- so- 
sage digest of the informed result of the authentication 
(SP10). If the authentication request unit 4B is informed - 
from the encryption processing unit 4D that the encryp : 
tion processing unit 4D confirmed that the information 
was the valid information from the authentication server ss 
3, the authentication request unit 4B informs the Web 
server S/W 4C of the result of the authentication. The . 
Web server S/W 4C judges approval or disapproval ..of. 



' access to the information in the Web server database, 
which has high confidentiality, to the user according to 
the result of the authentication (SP1 1 )•• For example, the 
Web server ,S/W ; 4C performs operation to the user 
access such as the display of the confidential informa- 
■tion. . ; . 

[0038] In; this manner, the finger print information that 
is user's personal information is encrypted with the 
- common key created,' the common key is encrypted with 
the public key of the authentication server 3, which the 
user set, and the public key of the authentication server 
3 is directly set by the user in the finger print acquisition 
apparatus 7: Hence, there is such an effect that it is pos- 
sible to securely protect the user's personal privacy, 
which is the finger print information that is the biomet- 
rics information, in a style of reflecting user's intention 
since the finger print information is transferred over the 
network in such a condition that only the authentication 
server 3, which the user assigned, can decode the fin- 
ger print information; Furthermore, a user can instruct 
only a public key of the authentication server 3 with a 
floppy disk, a magnetic card; an IC card, or key entry to 
the finger print acquisition apparatus 7, there is no prob- 
lem on security even if the floppy disk, magnetic card, or 
IC card is lost or stolen, which saves this public key, and 

- the user can receive the personal authentication with a 
substitute, which saves the same public key or the same 
article. There is another effect that it is unnecessary to 

. perform processing such as special notification and 
reissue at the time or toss and burglar and it is possible* 
to lighten the administration load. 

- [QMil In ad$tim sir^ when the 
authentication Information was created, is confirmed in 
the authentication server 3, it is possible to prevent 
reuse of the invalid authentication information, and to 
keep security high since it can be confirmed in the Web 
server 4 in the authentication-requester's side whether 
the. authentication is performed by the authentication 
information authentication server 3. * 
[0!D40] Although the present invention is iappiied in the 
. Web System 1 in this embodiment, the same effect can 
be obtained even rf the Web server S/W 4C and browser 

: SAare other, applications, constructing another system, 
such as accounting information administration server 
SDN and accounting information administration client 
S/V/, and database retrieval server S/W and database 
retrieval client BTA f i • - 

Embodiments.; '**"■■■ -'*=:■: 1 

[0G41] This embodiment is obtained by simplifying the 
first embodiment; and vhe Web server 4 and user termi- ; 
nal 5 in Fig. 1 become only a user terminals 5 in Fig. 3. 
. Since, in Fig. 3 where the same symbols are assigned 
to the parts corresponding to the parts in Fig. 1 . applica- 
tions for which the personal authentication is necessary 
present in only the user terminal 5. the Web server S/W 
4C and two applications, constructing the browser 5A, 
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that are shown in Fig. 1 -are replaced to database 
retrieval S/W 5E, and the Web server database 4A is 
replaced to a, local, database? 5G. In- this,:;Gase; the 
authentication request unit 4B and encryption process- 1 
ing unit 4D that construct the* Web server 4 in Fig: .1 
become a component of the user terminal 5 in Fig. 3. 
[0042] In the second embodiment, the user terminal 5 
is a computer system such as a personal computer and 
a workstation* where the local database SCr an- encryp-r 
tion processing-unrt 5F, a authentication request unitSD, . 
a database retrieval S/W 5E that is an. application for 
which the personal authentication is;. required, and 
authentication information acquisition S/W 5B operate. 
In addition, a biometrics acquisition apparatus 6 is con- 
nected to the user terminal s, and has the same config- 
uration as that in the first embodiment. Furthermore, the 
authentication server 3 also has the same configuration 
as that in .the first embodiment described above. : . 
[0043] . Here,, a. case that a finger print .acquisition 
apparatus 7 is used as the biometrics acquisition appa- 
ratus 6 will be exemplified. - • .-. < 
[0044] Next, operation will be described.: ; . 
[0045] Fundamentally, this is similar to^that in,thefirst 
embodiment, and in Fig. 4 where the same symbols are 
assigned to the parts corresponding to those in Fig. 2, 
first, a case that a user accesses information in the iocal . 
database SC. which has high confidentiality, with the 
database retrieval S/W 5E that is an application operat- 
ing in the user terminal 5 will be described: The data* \ 
base retrieval S/W 5E that is an application performing . 
access control of the information having high confidenti- 
ality is required to perform the user authentication so as 
to judge whether the .user has access authorization? 

(SP5). ^ \- . — , :r- 

[0046] The authentication information acquisition S/W 
SB in the user terminal 5 acquires jthe finger print infor- 
mation, which is necessary for the authentication; from 
the finger print information acquisition apparatus 7 
(SP6). At this time, this S/W SB may cooperate with, 
other S/W (software such as a driver, acquiring the 
authentication information). , • y 

[0047] The authentication information acquisition tinit : 
7 A in the finger print acquisition apparatus, which is: 
instructed to acquire the finger print information: from ; 
the authentication information acquisition S/W SB in the - 
user terminal S acquires the finger print information: 
from the user (SP1). Although encryption processing- 
unit 7B encrypts this finger print information since this 
finger print information is user's personal information, ; 
first, the encryption processing unit 7B creates a com- 
mon key in the common key encryption. method for 
encrypting this f inger print information, and encrypts the ; 
finger print information with this cornmon key. At the 
same time, the encryption processing unit 7B acquires 
date and time information, creates a message digest 
with connecting the date and time information with the 
common key, and further encrypts the message digest ■ 
with the common key (SP2). 
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[0048] The public key acquisition unit 7C in the finger 
print acquisition apparatus 7 acquires the public key of 
the authentication server 3 from user's instruction such 
as a floppy disk, a magnetic card, an IC card, or key 
entry. Alternatively, if the finger print acquisition appara- 
tus 7 is properly, administrated;; the public key of the 
authentication server 3 is fixedly saved in the public key 

. acquisition unit 7C in the finger print acquisition appara- 
tus 7. and-hence the user may use the public key after 
recognizing, the public .key. Next, the encryption 
processing unit 7B encrypts the: common key with the 
public key of the authentication server 3 (SP3). Then, 

- the finger print acquisition unit 7A transfers the finger 
print information encrypted, the date and time informa- 
tion, the message digest with connecting the date and 

-time information with the common key that is encrypted, 
and the encrypted common key as the authentication 
information to the authentication information acquisition 
SAN SB in the user terminal 5 (SR4) 
[0049] The authentication information acquisition S/W 
SB in the user terminal S acquires a user ID such as a 
user name and a mail and adds them to the authentica- 
tion information (SP7). 

[0050] The authentication request unit 5D transfers 
this authentication information to the authentication 
controller 3 A in the authentication server 3 (SP7). 
[0051] The authentication controller 3 A in the authen- 
tication server 3 makes the encryption processing unit 
1 3C decode the authentication information transferred,- 
and performs the user authentication; At this time, the 
encryption processing u'hit'3C compares the message 
digest created from the date and time information and 
common key, which is transferred, in the authentication 
server 3 with the message digest decoded from the 
message digest obtained by connecting the date and 
.time information, which-fs encrypted, with the common 
key, and conf irms the validity of the date and time, when 
the authentication information was created, in consider- 
ation of transfer delay (SP 12). 

[0052] The authentication controller 3A performs fin- 
ger print matching from the finger print information and 
user ID, which are included in the authentication infor- 
mation transferred,' and* personal information originally 
saved in the authentication information database 3B in 
the authentication server s. The authentication control- 
ler 3 A creates the' result of the authentication showing 
that the useris^ valid if the authentication controller 3A 
identifies the user -as the principal in consequence of 
matching, or judges that the user is not the principal if 
the authenticatidn controller 3A cannot identify the user 
as the principaMn consequence of the matching, and 
creates the result of the authentication. This result of the 
authentication is delivered to the encryption processing 
unit 3C. and the encryption processing unit 3C creates 
a message digest of the result of the authentication, 
encrypts the message digest with the secret key of the 
authentication server 3, that is, performs digital signa- 
ture, and delivers this message digest', which is 
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encrypted, to the authentication controller 3A. The 
authentication controller 3A informs the authentication 
request unit 5D in the user terminal 5 of the result of the 
authentication with including the message digest, which 
is encrypted, in the result of the authentication (SP13), 
[0053] The authentication request unit 5D in the user 
terminal 5 that receiving the result of the authentication 
informs the encryption processing unit 5F of the result 
of the authentication. The encryption processing unit 5R 
decodes the informed message digest, which is 
encrypted, with the public key of the authentication 
server 3, and confirms that the message digest is surely 
the valid message from the authentication server 3 by 
comparing the decoded message digest with the mes- 
sage digest of the informed result of the authentication 
(SP10). If the authentication request unit 5D receives 
from the encryption processing unit 5D the result of con- 
firmation that the information is the valid information 
from the authentication server 3, the authentication 
request unit 5D informs the database retrieval S/W 5E 
of the result of the authentication. The database 
retrieval S/W 5E judges approval or disapproval of 
access to the information in the local database 5C, 
which has high confidentiality, to the user according to 
the result of the authentication. For example, the data- 
base retrieval S/W 5E performs operation to. the user 
access such as the display of the confidential informa- 
tion (SP11). 

[0054] According to this configuration, when the. user 
terminal 5 requests the authentication server 3 to per- 
form the personal authentication, it is possible to obtain 
the same etfsets as thosein the4ins^embGdimen»U 
[0055] Although the present invention is applied in the 
database retrieval system 1 in this embodiment, the 
same effects can be obtained even if the database 
retrieval S/W is an application, constructing another 
system, such as accounting information administration 
S/W. 

Embodiments. . ^ 

[0056] This third embodiment is an embodiment 
where the encryption processing unit 7B arid public key 
acquisition unit 7C in the finger print acquis'sticn appara- 
tus 7 that is a biometrics acquisition apparatus 6 in the 
first embodiment present in the user terminal, 5. - - 
[0057] In Fig. 5 where the same symbols are assigned 
to the parts corresponding to those in Fig. 1, the user 
terminal 5 is a computer system such as a personal 
computer and a workstation, where a browser 5A dis- 
playing the information of the Web server terminal A an 
encryption processing unit 5F encrypting the finger print 
information, a public key acquisition unit 5G acquiring 
the public key of the authentication server 3, -and an 
authentication information acquisition S/W 5B operate. 
In addition, a biometrics acquisition apparatus 6 is con- 
nected to the user terminal 5. Furthermore, the authen- 
tication server 3 and Web server 4 have the same- 



configuration as that in the first embodiment/ 
[0058] - In addition, the biometrics information which 
. .the biometrics acquisition apparatus' 6 in this embodi- 
ment acquires can be image data, image data that is not 

5 processed such as electrostatic data, and also charac : 
: teristic point data obtained by extracting characteristics 
from image data. The biometrics acquisition apparatus 
6 can be a simple device that only acquires image data 
and does not have a CPU. 1 Here, a case that the finger 

io print acquisition apparatus 7 is used as the biometrics 
acquisition apparatus 6;will be exemplified: ' 
. [0059] Hie finger print acquisition apparatus 7 is com- 
posed of a finger print information acquisition unit 7A 
that acquires the finger print information by performing 

is image processing and the like and transfers the finger 
print information to the user terminal. 
[0060] Next, operation will be described. 
[0061] Fundamentally, the operation is the same as 
that in the first embodiment, in Fig. 6 where the saime 

20 symbols are assigned to the parts corresponding to 
those in Fig. 2, first, a case that a user accesses the 
information in the Web server database 4A, which has 
high confidentiality, in the Web server 4 with the browser 
5A that is an application operating in the user terminal 5 

25 . will be described (SP5). The Web server S/W 4C. which - 
is an application performing access control of the infor- 
mation having high confidentiality, is required to perform 
the user authentication so as to judge whether the user 
has an access authority. 

30 [G062] The authentication information acquisition S/W 
5B in the user terminal 5 acquires the finger print infor- 
mation, wfeiiafo tsibiometr^ for 
the authentication,; from the finger print acquisition 
, apparatus 7 (SP6).: At this time, the S/W 4C may oper- 

35 . ate with cooperating with other S/W (software such as a 
. driver acquiring the authentication information). 
[0063] The finger print information acquisition unit 7A 
in the finger print acquisition apparatus- 7 which is 
instructed to acquire the finger print information' by the 

40 authentication information acquisition S/W 5B in the 
user terminal 5 acquires the finger print information 
from the user (SP1 ), and transfers the finger print infor- 
. mation to the authentication information acquisition S/W 
5B in the user terminal 5 (Sp4). 

45 [0064] The authentication information acquisition S/W 
5B in the user terminal 5 makes the encryption process- 
r r ing unit 5F encrypt this finger print information since this' 
- finger print information is user's inherent personal infor- 
mation. First, 1 ihe encryption processing unit 5F creates - 

so a common keyUn the common key method for encrypt- 
ing this finger print information, and encrypts the finger 
~ print information with this common key. At the same : 
time, the encryption processing unit 5F acquires date 
. and time information, creates a message digest with 

ss connecting the date and time information with the com- 
mon key. and further encrypts the message digest with 
the common key (SP2). 

[0065] The public key acquisition unit 5G in the user 
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terminal 5 acquires a public key of the authentication is encrypted, in the result of the authentication (SP13). 
server from user's instruction such, as-a floppy disk, a [0070] The authentication request unit 4B in the Web 
magnetic card, an i IC card, or key entry^ : , . ..< :-. . server 4 receiving the result of the authentication 
[0066] - Naxt, the encryption prccessingvur.it 5 F. . ' informs the encryption processing Unit 4D of the result 
encrypts • the. eomrnon key with the public key of the .5 of the authentication: The encryption processing unit 4D 
authentication server 3 <SP3). Then, the authentication :-••' decodes the informed message" digest, - which is 
informatio.n acquisition S/W.5B transfers the finger, print: encrypted, with the public key of the authentication 
information encrypted, the date . and timevinformation, . - server 3; and confirms that the message digest is surely 
the message digest with, connecting the date and time v ■ the valid message from the authentication server 3 by 
information with the eommon.key that is encrypted, and > ra comparing the decoded message digest with the mes- \ v 
the encrypted common key the acquiredauthentication * sage digest of the informed result of the authentication x v . 

information as the authentication information to the Web (SP10). If the authentication request unit 4B is informed \ 
server 4 through the browser 5A; At this time, the from the encryption processing unit 5D that it was con- 
browser 5A transfers the authentication information with firmed that the information was the valid information 
adding a user JD such as a user name and a mail is from the authentication server 3, the authentication 
address, which the browser 5A acquires separately, to ■ request unit 4B informs the Web server S/W 4C of the 
the authentication information (SP7). * V result of the authentication: The Web server S/W 4C 

[0067] .The authentication request unit 4B in the Web judges approval or disapproval of access to the informa- 
/- server 4 transfers the authentication information, which . * tion in the Web server database 4A, which has high 
the authentication request unit 4B acquires, to the ~ 20 confidentiality, to the user according to the result of the 
authentication controller 3A in the authentication server authentication. For example, the Web server S/W 4C 
3 through the Web server- S/W 4C (SP9). ; , > . performs operation to the user access such as the dis- 

[0068] The authentication controller 3A in the authen- play of the confidential information (SP1 1). 
tication server 3 makes the encryption processing unit - [0071] In this manner, the finger print information that 
3C decode the authentication information transferred, 25. is user's personal information is encrypted with the 
and performs the user authentication. At this time, the common key created, the common key is encrypted with 
encryption processing unit 3C compares the message:. . the public key of the authentication server 3. which the 
digest created from the date and time information and user set. and the public key of the authentication server 
common key, which are transferred, in the authentica-: > - 3 is directly set "by the user in the user terminal 5. 
tion server 3 with the message digest deoxted from the 3oi'Mence, there is such an effect that it is possible to 
message digest obtained by connecting the date and > *: r securely protect the user's personal privacy, which is 
time information, which is encrypted, with th&.common ■< :the finger print information that is the biometrics infor- 
key, and confirms the validity of the date and time, when nation, in a style of reflecting user's intention since the 
the authentication information was created, in consider-:. . finger print information is transferred over the network in 
ation of transfer delay (SP12). - r : ■ - - . 35- such a condition that Only the authentication server 3, 

[0069] The authentication controller 3A performs fin-: v which the user assigned; can decode the finger print 
ger print matching from, the finger print informafon^and . > Information; Nevertheless, -although security becomes 
user ID, which are included in the. authentication infer?- :-; low in comparison with a case that the finger print infor- 
( mation transferred, and personal information originally - /- , mation is encrypted from the finger print acquisition 
saved in the authentication information database: 3B in j 40 ^apparatus 7 since there arises a period, when the finger 
the authentication server 3. The authentication, control- sprint information exists in the user terminal 5 without 
ler 3A creates the result of the authentication . showiegj s - being encrypted; there is ho problem if the user terminal 
that the user is valid if the authentication controller 3A 5 itself is properly-administrated, and there is ah effect 
identifies the user as the principal, in consequence of that the configuration- of the finger print acquisition 
matching, or judge? that the user is not the principal if : 45> a^aratus T since the encryption 

the authentication.controller 3A cannot identify the user; - processing unit and^-public key acquisition unit are - 
as the principal, in consequence of the matching, zancF ? * ■ .. unnecessary in the fingerprint acquisition apparatus 7. 
creates the result of the authentication. The result of this n: - As; effects except the above-described effects, the simi- 
authenticatipn is delivered to the encryption processing • •■< iar effects as Ihose in the first : embodiment can be 
unit 3C, and; Jhe encryption processing unit 3C creates . v5o obtained. Inadditiony-this embodiment can be applied 
a message, digest of the result of the : authentication*^ • ~yv also to the applteationr such as the database retrieval 
encrypts the message digest with the secret key of . the 1 r; S/W 5E, which are shown in the second embodiment, 
authentication server 3, thatus, performs digitat signa-. ~ .v and hence it is possible to obtain the same effects, 
ture, and .delivers -this message ^ digest.- whicho. is • [0072] Furthermore, in all of the first, second, and third 
encrypted, to the authentication controller ,3A. The ~ 55-. * embodiments, a common key for encrypting the user's 
authentication controller 3A informs the authentication : biometrics information obtained is created. Neverthe- 
request unit 4B in the Web server 4 of the result of the less, it is necessary to eliminate the tendency of the ran- 
authentication with including the message digest, which dom numbers for creating the common key so as to 
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make it difficult to break the common key. Since the bio- 
metrics information generally has values different every 
acquisition, the message digest of the biometrics infor- 
mation acquired is used as a part or afl of the random 
numbers. 

[0073] As described above, it is simply performed to 
eliminate the tendency of the generated random num- 
bers since the random numbers generated from the 
message digest of the biometrics information acquired 
are generated. Furthermore, since a part or all of this 
random numbers are used as the random numbers for 
generating the common key, it is possible to generate 
the random numbers irrelevant to the number of authen- 
tication times and the time and to construct a system 
that is strong on security against the decoding of the 
common key. 

Embodiment 4. 

[0074] Although only the valid administrator can per- 20 
form the administration of the biometrics information 
acquisition apparatus, it is necessary that the adminis- 
trator, being not authenticated, or another person acting 
for the administrator can perform initialization of a bio- 
metrics acquisition apparatus if there arises such a 25 
state that no one cannot authenticate the valid adminis- r 
trator. This case will be described with exemplifying 
such a case that, in the finger print acquisition appara- 
tus in the first and second embodiments, the finger print 
acquisition apparatus is properly administrated and a 30 
public key of an authentication server is fixedly deter- 
mine^ in the finger print acquisition apparatus, 
[0075] Fig. 7 is the configuration at the time of admin- - 
istrating, that is, setting and changing the public key fix- 
edly saved in a public key acquisition unit 12C in a finger 35 
print acquisition apparatus 12. An administration termi- 
nal 11 is a computer system such as a personal compu- 
ter and a workstation, where an administration S/W 1 1 A 
operates. The finger print acquisition apparatus 12 is 
composed of a finger print information acquisition unit : 40 
1 2A and an encryption processing unit 12B t a public key 
acquisition unit 12C, and an administration unit 12D. ■ ■ ; : 
[0076] The administration S/W.11A in the administra- 
tion terminal 11 issues authentication request of an 
administrator to the finger print acquisition apparatus 12. . 45 
so as to execute setting of the public key. Although an - 
administrator authentication unit 12D1 in an administra- 
tion unit 12D in the finger print acquisition apparatus; 1 2 
acquires administrator's finger print from the finger print - 
information acquisition unit 7A and performs finger print so- 
matching of the administrator, the administrator authen- 
tication unit 12D1 may become in such a condition that 
the unit 12D1 cannot identify the administrator as the 
valid administrator. This corresponds to a case that the 
finger print itself is lost due to an injury of the adminis- 55 
trator. In this case, although the administration S/W 1 1 A 
instructs an initializer authentication unit 12D2 in the 
administration unit 12D in the finger print acquisition - 



apparatus 12 to perform initialization; the S/W 1 1 A per- 
forms the authentication of the initializer with means, 
being set beforehand, such as a password. The initial- 
izer authentication-unit 12D2 performs only the authen- 
tication of .the initializer, only the initialization of the 
. finger print acquisition apparatus is executed by the 
authentication of the initializer authentication unit 12D2. 
[0077] In this manner,' by providing the authentication 
means for -an initializer separately from ah ordinary 
administrator, there are such effects that it is possible to 
perform only the initialization if arv administrator cannot 
be authenticated and suddenly becomes absent, and 
furthermore to prevent a person not having the initializa- 
tion authority from invalidly performing the initialization. 

Embodiments." 

[0078] Rg. 8 shows an authentication server where 
means for finding invalid authentication is applied to the 
above-described authentication server f so as to 
enhance reliability. An authentication server 13 is a 
computer system such as a personal computer and a 
workstation, which is composed of a logging unit 13D, 
an authentication controller 13A, an encryption 
processing unit 13C; and an authentication information 
database 13B. 

[0079] The logging unit 13D in the authentication 
server 13 logs a matching rate that is the result of 
matching biometrics at the time of the user authentica- 

: tion. In addition, the logging unit 1 3D confirm that a 
matching rate at this time does not change more than or 
equal to a preset Valy&fJ^rOT 
by comparing the matching rate at this time with the 
average matching rate at the time of identifying a user 
as the principal until the previous occasion if the authen- 
tication controller 13A does not identifies the user as the 
principal at the time.of:the user authentication. If the 
matching rate+changes more than or. equal to a fixed 
value, the logging unit 13D increases the number of fail- 
ure times. If the number of failure times reaches the 
value more than or equal to a fixed value determined by 
the administrator the logging unit 1 3D informs the 
administrator, who is registered beforehand, and the 
user herself/himself of the failure. 
[0080] Since;this structure informs the administrator 
and the user, who is personated, of the abnormal result 

- of the matching that is unique in biometrics authentica- " 
tion, it is possible to early find the invalid authentication 
and to keep the high security of the system. 
[0081] In addition, since biometrics information 
becomes information different every acquisition even if 
matching rates are the same, it is stochastically very' 
small that biometrics information acquired in the past 
coincides with the new biometrics information. An inva- 
lidity-finding structure using this characteristic of the 
biometrics authentication will be described. 
[0082] The logging unit 13D in the authentication 
server 13 that is shown in Fig. 8 compares a matching 
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rate at this time with _the matching rate atihe time of 
identifying, a user as the principal until, the 'previous 
occasion and confirms that both matching rates are ttie 
same if the authentication controller 13A identifies the 
user as the principal at the time of the user authentica- 
tion. If the matching- rates are the same and a message 
digest of the biometrics information is not' saved, the 
logging unit 13D informs .the authentication controller, 
13A of making, the user authentication unsuccessful,-, 
and the authentication controller 13A makes thei ; result, 
of the authentication, unsuccessful. At the §ame time, 
the logging unit 13D saves the* message digest of the 
biometrics information, with the matching rate. If the 
matching rates are the same and the message digest of 
the biometrics information is saved, the logging unit 1 3D 
calculates a message digest of the biometrics informa- 
tion at this time, compares this message digest with the 
message digest of the biometrics information at the 
same matqhincj rate in tiie past. If both message digest 
are different from each other, the logging unit 13D iden-. 
trfies the user as the principal, but, if both coincide; with 
each other, the logging unit 13D informs the authentica^ 
tion controller 13A of making the user authentication 
unsuccessful since there is a possibility of masquerade. 
The authentication controller 13A makes the result of 
the authentication unsuccessful. The logging unit 1 3D 
increases the number of failure times at^the same 
matching rate if the authentication is made. unsuccess- 
ful due to coincidence of the matching rate and mes- 
sage digest, and, if this number of failure times reaches;, 
a value more than or equal-to the fixed value determined 
by the administrator, the logging, unit 13D .informs Ihe 
administrator and the user herself/himself that; are reg- : 
istered beforehand. . t . v - ; . /! 
[0083] Since this structure informs the administrator J 
and the user, who is personated,, of such arvabnormal 
state that it is considered to be the masquerade caused ; 
by leakage of the biometrics information, it is.ppssible-to 
early find the invalid authentication and to keep the high 
security of- the system, In addition, there" are such 
effects that it is possible to reduce a storage area*since^ 
an object which the logging unit 1 3D saves is the rnesd - 
sage digest of the- biometrics information at thetime of • 
the same matching rate after the second occasion, and - 
that it is possible to shorten the time consumed for ram? 
parison in comparison with the comparison^ performed 
by using biometrics information itself, because of /the : 
comparison performed by using the messagejdigests: o : 
[0084] As described above, according to .the present.; 
invention, there -is such an effect that- it is possible f to 
securely protect the user's personal privacy, which is 
the finger print information that is the biometrics infor-. 
mation, in astyle of reflecting user!s intention since the- 
finger print information is transferred over the network in. 
such a condition that only the authentication server, \ 
which the user assigned, can decode the finger print 
information, and it is possible to prevent invalid authen- 
tication information from being reused since the date * 



and time when the authentication information was cre- 
ated can be confirmed in the authentication server 3, 
, " and to keep the security of the system high since the 
authentication request side can confirm whether the 
5 ' user is authenticated by the authentication server. 
1 [0085] Furthermore, although a user can instruct a 
public key of the authentication server, there is no prob- 
lem on security even if the floppy disk, magnetic card, or 
:r IC card, which: saves this public key, is lost or stolen, 
to 't "and the user can "receive the personal authentication 
with a substitute, which saves the same public key or 
the same article. There is another effect that it is unnec- 
: essary to perform processing such as special notifica- 
tion and reissue at the time of loss and burglar and it is 
75 possible to lighten the administration load. 

[0086] In addition, since the present invention creates 
random numbers, used for creating the common key, 
from the biometrics information acquired, it is possible 
r to generate the random numbers irrelevant to the 

- 20 number of authentication times and the time, and to 
construct a system that is strong on security against the 

; decoding of the common key. 
- [0087] Furthermore; by providing the authentication 
' . means for an initializer separately from an ordinary 
P5 : ^administrator, there are such effects that it is possible to 
r perform the initialization even if an administrator sud- 
> denly becomes 1 absent, and furthermore to prevent a 
person not having the initialization-authority from inval- 
\;S idly performing the initialization/ r - ■ 
; 30 [0088] Moreover since the authentication server logs 
■* at the time of the user authentication and informs a per- 
■v.. son, who is registered beforehand, of the abnormal 
:r result of the matching that is unique in biometrics 
. authentication, it is possible to early find the invalid 
-. 35 authertticatioryand to keep the high security of the sys-~ 
r .'tern. ■ ' > . -^■ :r " ': -v :-' 

; ;r Claims " " 

:ao: :1v jA remote authentication system in which an 
- ^ - authentication server "3, an application server 4, 
!:<"■• 1 ' and a user terminal 5 are connected to a network 2 
-respectively, and which authenticates a user using 

- s- : the user terminal,- wherein the authentication server 
- 45 :r . *'>'*\. has a pair of a public key and a secret key in a pub- 

,.,r.r\\c key encryption method, announces the public 
* i ■ . : key, and conceals the secret key> 

< therein at least on^ kind or a plural kind of biomet- 
£r- :\- 1 rics acquisition apparatus 6 is connected to the 
so : f '.\ ^'jjser terminal; : ^ : 

-j. -v- . : - wherein the 'biometrics acquisition apparatus: 
: ( - encrypts user's biometrics information, acquired at 
"-■■■j the time Of authentication, with a common key in a 
common key encryption method; acquires date and 
55 ■ time information; creates a message digest with 
connecting the date and time information with the 
common key, and further encrypts the message 
■ digest with the common key; acquires the public 
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key of the authentication server, which the user 
assigns, and encrypts the common key with the 
public key of the authentication server; and trans- 
fers the biometrics information encrypted, the com- 
mon key and date and time information, which is 5 
encrypted, and the message digest encrypted with 
connecting the date and time information with the 
common key, as authentication information to the 
user terminal; 

wherein the user terminal and the application 10 
server transfer the authentication information to the 
authentication server; and 

wherein the authentication server: decodes user's 
biometrics information with the common key 
acquired by decoding the authentication informa- 75 
tion, which is transferred, with the secret key; 
authenticates the user with the biometrics informa- 
tion; encrypts result of authentication and a mes- 
sage digest of the result of the authentication; and 
transfers both to the application server. 20 

2. A remote authentication system in which an 
authentication server 3, an application server 4, 
and a user terminal 5 are connected to a network 2 
respectively, and which authenticates a user using 25 
the user terminal, wherein the authentication server 
has a pair of a public key and a secret key in a pub- 
lic key encryption method, announces the public 
key, and conceals the secret key, and at least one 
kind or a plural kind of biometrics acquisition appa- 30 
ratus 6 is connected to the user terminal; 
* whenein -the biometrics aequisition apparatus: 

encrypts user's biometrics information, acquired at 
the time of authentication, with a common key in a 
common key encryption method; acquires date and 35 
time information, creates a message digest with 
connecting the date and time information with the 
common key, further encrypts the message digest 
with the common key; acquires the public key of the 
authentication server, which the user assigns; 40 
encrypts the common key with the public key of the 
authentication server; and transfers the biometrics 
information encrypted, the common key and date 
and time information, which is encrypted, and the 
message digest encrypted with connecting the date 45 
and time information with the common key, as 
authentication information to the user terminal; 
wherein the user terminal transfers the authentica- 
tion information to the authentication server; and 
wherein the authentication server: decodes user's so 
biometrics information with the common key 
acquired by decoding the authentication informa- 
tion, which is transferred, with the secret key; 
authenticates the user with the biometrics informa- 
tion; encrypts result of authentication and a mes- ss 
sage digest of the result of the authentication with 
the secret key; and transfers both to the user termi- 
nal. 



3. The remote authentication system according to any " 
one of claims 1 and 2, wherein the biometrics 
acquisition apparatus transfers biometrics, informa- 
tion to the user terminal without encrypting the bio- 
metrics information at the time of authentication; 
and 

wherein the user terminal: encrypts the user's bio- 
metrics information, which is obtained, with a com- 
mon key in a .common key encryption method; 
acquires a public key of a authentication server that 
a user assigns; encrypts the common key with the 
public key of the authentication server; acquires 
date and time information, creates a message 
digest with : connecting the date and time informa- 
tion with the common ; key, encrypts the message 
digest with the common key; and transfers the bio- 
metrics information encrypted, the common key 
and date and time information, which is encrypted, 
and the message digest encrypted with connecting 
the date and time information with. the common key, v 
as authentication information to the user terminal. 

4. The remote authentication system according to any 
one of claims 1 to 3, wherein the user terminal uses 
biometrics information as a part or all of random 
numbers for creating the common key when, at the 
time of authentication, the user terminal creates the 
common key in a common key encryption method 
for encrypting the user's biometrics information 
acquired. ~ - 

5. The remote.airthetTticatiorn system.accordirng to any 
one of claims 1 to 3; wherein the biometrics acqui- 
sition apparatus includes an authentication unit of 
an administrator administrating the biometrics 
acquisition, apparatus and an authentication unit of 
an initializer initializing the biometrics acquisition 
apparatus; and 

wherein the two authentication units perform 
authentication separately, and performs initializa- 
tion with authentication of the initializer even if the 
administrator is not authenticated. 

6. The remote authentication system according to any 
one of claims 1 to 3, wherein the authentication 
server: saves a historic record of a matching rate 
that is result of matching biometrics at the time of 
user authentication; compares a matching rate with 
an average matching rate at the time of identifying 
a user as a principal until the previous occasion if 
the authentication server does not identify the user 
as the principal at the time of user authentication; 
confirms whether a matching rate at this time 
changes more largely than a preset value deter- 
mined by an administrator; and informs a contact, 
who is registered beforehand, if a number of failed 
times due to changes more largely than a fixed 
value reaches a fixed value determined by the 
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administrator. _ 1 . 

7. The remote authentication system according toany ' 
one of claims T to 3, wherein the' authentication - 
server : saves historic records or matching rates that s 
are results of matching biometrics at the time of - 
user authentication; compares a matching rate with 
a matching rate at the time of identifying a user as ' 
a principal until the previous oceasioTi at the time of 
user authentication if the authentication server ' io 
identifies the user as the principal; makes the user - 
authentication unsuccessful if the two matching 
rates are the same rates and a r message digest of 
biometrics information is riot saved,' performs mes- 
sage digest calculation of biometricsirtfbrmatiori at 15 
this time, saves 'the meSsagie digest of biometrics 
information with the matching rate; saves a mes- 
sage digest of biometrics information at this time 
with a matching rate as a pair with calculating the 
message digest of biometrics information at : this 20 
time if the two matching rates are the Same and a 
message digest is saved, compares the message 
digest of biometrics information at this time with the : 
message digest of biometrics information at the 
same matching rate in the past identifies the user 25 
as a principal if both message digests are different . 
from each other; does .not identify the. user as a 
principal if a pair of a matching rate and a message- 
digest at this time completely coincides with a pair ■ 
of a matching rate and a message digest in the 30 
past; and informs a contact, who is registered 
beforehand, if a number of cases that the pair of the . . - r 
matching rate and message digest at this time corn- * 
pletely coincides with the pair, of the matching rate 
and message digest in the past reaches; a value: 35 
equal to or more than a fixed value which is deter- 
mined by an administrator. , 

- ■ v \ -r ■, : I - - .v^- ■ V- 40. 
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FIG. 3 
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FIG. 5 
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FIG. 7 
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